This forum is now a read-only archive. All commenting, posting, registration services have been turned off. Those needing community support and/or wanting to ask questions should refer to the Tag/Forum map, and to http://spring.io/questions for a curated list of stackoverflow tags that Pivotal engineers, and the community, monitor.

"Per the specification, clients can renew expired tokens by issuing a refresh token in exchange for a new access token. And *most* providers implement that part of the specification, too. Facebook, however, does not. "

This thread discusses possible solutions to this, and I believe there is a JIRA for a potential solution targeted for a 1.1 version of Spring Social:

Comment

As Michael said, Facebook's a different animal and doesn't support refresh tokens (even though they do expire their tokens). The *only* way to get a new access token with Facebook is to go through the authorization flow again. Doing so won't bother the user with an authorization page, though, as long as the authorization is still valid (tokens expire, but authorization are long-lived). If the authorization is still good and as long as you don't ask for any additional scope, Facebook will immediately redirect back without prompting the user with an authorization page.

SOCIAL-328 is still a work in progress, but it's coming along very nicely. It'll likely be in an upcoming milestone release of Spring Social 1.1.0 (either milestone 2 or milestone 3). It works by handling bad token exceptions of *any* reason (expired, revoked, etc) at the servlet level and redirecting the user through the authorization flow again. This means that it works for not only Facebook's oddball way of token renewal, but for any other provider where the token has gone bad.